<?php

/*
 * Created on Apr 26, 2012
 *
 * To change the template for this generated file go to
 * Window - Preferences - PHPeclipse - PHP - Code Templates
 */

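session_start();

// Only a logged-in administrator (session level '2') may create accounts;
// anyone else is redirected to the login page before any input is read.
if (!isset ($_SESSION['userid'], $_SESSION['level']) || $_SESSION['level'] != '2') {
	header('location: login.php');
	exit ();
}

// Defined on every request so the template can echo it on a plain GET.
$msg = NULL;

// NOTE(review): this POST carries no anti-CSRF token although it creates
// accounts, including admin-level ones. A per-session token should be issued
// in the form and verified here before the request is processed.
if (isset ($_POST['adduser'])) {
	// Accept only scalar string fields; an array-valued field (e.g. username[]=x)
	// is treated as missing rather than being concatenated into SQL.
	$u = (isset ($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : NULL;
	$p = (isset ($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : NULL;
	$rp = (isset ($_POST['re-password']) && is_string($_POST['re-password'])) ? $_POST['re-password'] : NULL;
	// A missing level falls back to the least-privileged value, '1' (Member).
	$l = (isset ($_POST['level']) && is_string($_POST['level'])) ? $_POST['level'] : '1';

	if ($u === NULL || $u === '') {
		$msg .= 'Please enter your username <br/>';
	}

	if ($p === NULL || $p === '') {
		$msg .= 'Please enter your password <br/>';
	}

	// Strict comparison: with != two different numeric-looking strings
	// (for example '1e3' and '1000') compare equal and the confirmation passes.
	if ($p !== $rp) {
		$msg .= 'Password and Re-Password is not matched<br/>';
	}

	// The level is a privilege field: accept only the values the form offers.
	if (!in_array($l, array('1', '2'), true)) {
		$msg .= 'Please select a valid level <br/>';
	}

	// $msg is still NULL only when every check above passed.
	if ($msg === NULL) {
		// NOTE(review): the application connects as the MySQL root account with the
		// password in source. Use a least-privilege account limited to this schema
		// and load the credentials from configuration kept outside the web root.
		$conn = mysql_connect('localhost', 'root', 'vertrigo') or die('can not connect to server');
		// Generic failure text: database error details are not shown to the browser.
		$failed = 'Can not add user, please try again later';

		if (!mysql_select_db('iblog', $conn)) {
			$msg = $failed;
		} else {
			// Every request value is escaped before it is placed inside a quoted SQL
			// literal; previously they were concatenated raw (SQL injection).
			// NOTE(review): the mysql_* extension was removed in PHP 7; migrating to
			// mysqli or PDO prepared statements is the durable fix.
			$safeUser = mysql_real_escape_string($u, $conn);
			$safePass = mysql_real_escape_string($p, $conn);
			$safeLevel = mysql_real_escape_string($l, $conn);

			$query = mysql_query("select * from user where username='" . $safeUser . "'", $conn);
			if ($query === false) {
				$msg = $failed;
			} elseif (mysql_num_rows($query)) {
				$msg = 'Username is already exsited';
			} else {
				// NOTE(review): the password is stored in clear text. It should be stored
				// with password_hash() and checked with password_verify(); that has to be
				// changed together with whatever code verifies the password at login.
				$sql2 = "insert into user(username, password, level) values('" . $safeUser . "', '" . $safePass . "','" . $safeLevel . "')";
				// Report success only when the insert actually succeeded.
				$msg = (mysql_query($sql2, $conn) === false) ? $failed : 'New user is already added';
			}
		}

		mysql_close($conn);
	}
}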

?>
<html>
	<head>
		<title>Add User</title>
	</head>
	<body>
		<form action="add_user.php" method="post">
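			<?php
			// $msg is printed unescaped because it carries <br/> markup, so it must only
			// ever hold fixed, server-side strings and never request data.
			// isset() avoids an undefined-variable notice when no message was set; the
			// former "global" statement had no effect at file scope and was dropped.
			echo isset ($msg) ? $msg : '';
			?><br/>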
			Level: 
			<select name="level">
				<option value="1">Member</option>
				<option value="2">Admin</option>				
			</select>
			<br/>
			Username: <input type="text" name="username" size="25"/><br/>
			Password: <input type="password" name="password" size="25"/><br/>
			Re-Password: <input type="password" name="re-password" size="25"/><br/>
			<input type="submit" name="adduser" value="Add new user"/>
		</form>
	</body>
</html>